Add missing check for encrypted name id in non encrypted assertions

joonlabs · joonlabs · commit 5e84cc5e24b6 · 2024-09-11T10:30:02.000+02:00
diff --git a/src/Saml2/Response.php b/src/Saml2/Response.php
@@ -234,6 +234,7 @@ public function isValid($requestId = null)
                     );
                 }
 
+                $this->encryptedNameId = $this->encryptedNameId || $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')->length > 0;
                 if (!$this->encryptedNameId && $security['wantNameIdEncrypted']) {
                     throw new ValidationError(
                         "The NameID of the Response is not encrypted and the SP requires it",

Original file line number	Diff line number	Diff line change
`@@ -234,6 +234,7 @@ public function isValid($requestId = null)`
`234`	`234`	`);`
`235`	`235`	`}`
`236`	`236`
	`237`	`+ $this->encryptedNameId = $this->encryptedNameId \|\| $this->_queryAssertion('/saml:Subject/saml:EncryptedID/xenc:EncryptedData')->length > 0;`
`237`	`238`	`if (!$this->encryptedNameId && $security['wantNameIdEncrypted']) {`
`238`	`239`	`throw new ValidationError(`
`239`	`240`	`"The NameID of the Response is not encrypted and the SP requires it",`